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LISTING OF THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1 . (Currently Amended): A method of administering access and security on a network 
having a plurality of computers, comprising: 

installing a one-way encrypted password file on each computer of the plurality of 
computers in the network, wherein the one-way encrypted password file includes a plurality of 
user identifications associated one-way encrypted passwords and associated privileges for each 
authorized user allowed access to the plurality of computers and the network; 

one-way encrypting a password entered by a user when the user logs into a computer of 
the plurality of computers on the network; 

checking for a match between the user identification and one-way encrypted password 
entered by the user and the plurality of user identifications and one-way encrypted passwords 
stored in the one-way encrypted password file; 

enabling access to data and software contained on the computer and the network 
permitted by the associated privileges for the user when a match is found on the one-way 
encrypted password file; 

broadcasting messages to the plurality of computers, such that each message is received 
at each computer; 
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filtering the broadcast messages at each computer according to the associated privileges 
of the user associated with each computer, such that a given message will be displayed only 
where the associated privileges of the user allow the message to be displayed; and 

filt e ring and displaying m e ssag e s broadcast or multicast within th e n e twork to th e us e r 
permitt e d by th e associat e d privil e g e s wh e n a match is found on th e on e way e ncrypt e d 
password fil e; and 

updating the mast e r one way encrypted password file at each of the plurality of 
computers, wherein updating the mast e r one way encrypted password file includes attaching a 
new master password file to a message at a computer accessible by a systems administrator or 
security officer, encrypting the message containing the new master password file using a private 
key and pass phrase available only to the systems administrator or security officer, transmitting 
the message to the plurality of computers, and decrypting the message at each computer using a 
public key corresponding to the private key. 

2. (Original): The method recited in claim 1, wherein the associated privileges contained 
in the one-way encrypted password file indicate the security level and access privileges of the 
user identification for access to software, data and messages contained in the computer, the 
network, and transmitted over the network. 

3. (Original): The method recited in claim 1, wherein when one or more attempts of the 
user entering a user identification and one-way encrypted password have failed to match the 
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plurality of user identifications and one-way encrypted passwords contained in the one-way 
encrypted password file, the method further comprising: 

transmitting to a systems administrator or security officer by the computer a notification 
of the failure to provide a one way encrypted user identification and password that matches a 
user identification and one-way encrypted password stored on the one-way encrypted password 
file. 

4. (Original): The method recited in claim 3, further comprising: 

locking, upon request by the systems administrator or security officer, the computer being 
accessed by the user having at least one failed attempt at entering a user identification and one- 
way encrypted password so as to permit only access to a login screen by the user. 

5. (Original): The method recited in claim 3, further comprising: 

spoofing, upon request by the systems administrator or security officer, the user into 
believing that the access has been gained to the computer, wherein spoofing includes the 
presentation of false messages and information to the user. 

6. (Original): The method recited in claim 3, further comprising: 

disabling, upon request by the systems administrator or security officer, the computer 
system so that the user cannot access the computer system. 

7. (Original): The method recited in claim 6, further comprising: 
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deleting, upon request by the systems administrator or security officer, a 
plurality of files stored in the computer system. 

8. (Original): The method recited in claim 1, further comprising: 

displaying to a screen on the computer system a request for re-authentication at the 
direction of a system administrator or security officer. 

9. (Original): The method recited in claim 8, wherein the request for re-authentication 
comprises: 

displaying a login screen having a position for entry of the user identification and 
password. 

10. (Original): The method recited in claim 9, wherein the user identification is a role or 
title indicative of a level of authority of the user. 

1 1 . (Original): The method recited in claim 9, further comprising: 

accessing a master password file on a computer system accessible by the systems 
administrator or security officer; 

onerway encrypting the password; and 

searching the master password file for a match of the user identification and one-way 
encrypted password. 
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The method recited in claim 1 1 , further comprising: 
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disabling the computer system, or spoofing the user, or locking the computer system 
when a match is not found for the user identification and one-way encrypted password in the 
master password file. 

1 3 . (Original): The method recited in claim 1 1 , wherein after the user has entered the user 
identification and one-way encrypted password and the user identification and one-way 
password has matched that found in the one-way encrypted password file, further comprising: 
entering a new password by the user; 

re-authenticating the user identification and one-way password stored on the master 
password file; 

one-way encrypting the new password; and 

replacing the user identification and password with the one-way encrypted user 
identification and the new one-way encrypted password in the master password file. 

14-15. (Cancelled) 

16. (Original): The method recited in claim 1, further comprising: 

detecting an anomalous event in a computer of the plurality of computers; and 
reporting the anomalous event to a system administrator or security officer. 

17. (Original): The method recited in claim 16, wherein the anomalous event comprises: 
the user has exceeded the number of allowable unsuccessful login attempts; 
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a change in the users associated privileges has occurred; 
a system disable operation was initiated by the user; 
a user's password has expired; 

a message was rejected due to an invalid digital signature; 

a request for remote user re-authentication has been received by the systems 
administrator or security officer; 

a request for a remote user lockout has been received by the system administrator or 
security officer; and 

a request for remote loading passwords has completed successfully on the system 
administrator or security officer. 

18. (Original): The method recited in claim 16, further comprising: 

deleting a plurality of files on the computer and disabling the computer in response to an 
anomalous event when requested by the system administrator or security officer or when an 
immediate shutdown in requested by the user. 

19. (Original): The method recited in claim 17, further comprising: 

disabling the computer system, or spoofing the user, or locking the computer system 
when an anomalous event occurs. 

20. (Previously Amended): A system to administer access and security on a network 
having a plurality of computers, comprising: 
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a one-way encrypted password file on each computer of the plurality of computers in the 
network, wherein the one-way encrypted password file includes a plurality of user 
identifications, associated one-way encrypted passwords and associated privileges for each 
authorized user allowed access to the plurality of computers and the network; 

a user login module to receive a user identification or role and password from a user and 
login the user when a match is found in the one-way encrypted password file; 

a channel monitoring and filtering module to monitor and receive broadcast or multicast 
messages within the network and display the message to the user when the user's associated 
privileges permit the viewing of the message; and 

a remote auditing module operative to monitor and process anomalous events which may 
occur on the computer, the anomalous events comprising: 

a change in the users' associated privileges; 

a system disable operation initiated by the user; 

the expiration of a user's password; 

the rejection of a message due to an invalid digital signature; 

a request for remote user re-authentication received from the systems administrator or 
security officer; 

a request for a remote user lockout received from the system administrator or security 
officer; and 

successful completion of a request for remote loading passwords to a system 
administrator or security officer. 
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2 1 . (Original): The system recited in claim 20, further comprising: 

a password management module to update and insure that all the computers in the 
network contain the same one-way encrypted password file. 

22-23. (Cancelled) 

24. (Original): The system recited in claim 20, further comprises: 

a remote control module to enable a systems administrator or security officer to take 
appropriate action when an event transpires, wherein the event is an anomalous event. 

25. (Original): The system recited in claim 24, wherein the appropriate action comprises: 
disabling, upon request by the systems administrator or security officer, the computer 

system so that the user cannot access the computer system; and 

deleting, upon request by a systems administrator or security officer, a plurality of files 
stored in the computer. 

26. (Original): The system recited in claim 24, wherein the appropriate action comprises: 
spoofing, upon request by a systems administrator or security officer, the user into 

believing that the access has been gained to the computer, wherein spoofing includes the 
presentation of false messages and information to the user. 



27. 



(Original): 



The system recited in claim 24, wherein the appropriate action comprises: 
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locking the computer, upon request of a systems administrator or security officer, and 
displaying a login screen for the user to re-authenticate the user identification and password. 

28. (Original): The system recited in claim 20, further comprising: 

an authentication module to re-authenticate the user after the user login module has found 
a match in the one-way encrypted password contained in the computer by checking the user 
identification and password against a master password file stored in a computer accessible by a 
systems administrator or security officer. 

29. (Original): The system recited in claim 21, wherein the password management module 
attaches a master password file containing a complete user identifications, associated one-way 
encrypted passwords and associated privileges to a message, encrypts the message using a 
private key and pass phrase for the system administrator or security officer and broadcasts the 
message to all users. 

30. (Original): The system recited in claim 29, wherein the password management module 
decrypts the message using a public key associated with the private key, replaces the one-way 
encrypted password file when decryption of the message is successful and reports a failure to the 
system administrator or security officer when the decryption is not successful. 

3 1 . (Previously Amended): A computer program executable by a computer and embedded 
in a computer readable medium to administer access and security on a network having a plurality 
of computers, comprising: 
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a one-way encrypted password file on each computer of the plurality of computers in the 
network, wherein the one-way encrypted password file includes a plurality of user 
identifications, associated one-way encrypted passwords and associated privileges for each 
authorized user allowed access to the plurality of computers and the network; 

a user login code segment to receive a user identification or role and password from a 
user and login the user when a match is found in the one-way encrypted password file; 

a channel monitoring and filtering code segment to monitor and receive broadcast or 
multicast messages within the network and display the message to the user when the user's 
associated privileges permit the viewing of the message; and 

a remote control code segment that enables a systems administrator or security officer to 
take appropriate action when an anomalous event transpires, the appropriate action including 
spoofing the user into believing that the access has been gained to the computer, wherein 
spoofing includes the presentation of false messages and information to the user. 

32. (Original): The computer program recited in claim 3 1 , further comprising: 

a password management code segment to update and insure that all the computers in the 
network contain the same one-way encrypted password file. 

33. (Original): The computer program recited in claim 3 1 , further comprising: 

a remote auditing code segment to monitor and process anomalous events which may 
occur on the computer. 

-11- 



/ 



Serial No. 09/589,747 ' Docket No. NG(MS)6336 

34. (Original): The computer program recited in claim 33, wherein the anomalous events 
comprise: 

the user has exceeded the number of allowable unsuccessful login attempts; 
a change in the users associated privileges has occurred; 
a system disable operation was initiated by the user; 
a user's password has expired; 

a message was rejected due to an invalid digital signature; 

a request for remote user re-authentication has been received by the systems 
administrator or security officer; 

a request for a remote user lockout has been received by the system administrator or 
security officer; and 

a request for remote loading passwords has completed successfully on the system 
administrator or security officer. 

35. (Cancelled): 

36. (Previously Amended): The computer program recited in claim 3 1 , wherein the 
appropriate action comprises: 

disabling, upon request by the systems administrator or security officer, the computer 
system so that the user cannot access the computer system; and 

deleting, upon request by a systems administrator or security officer, a plurality of files 
stored in the computer. 
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37. (Cancelled) 

38. (Previously Amended): The computer program recited in claim 3 1 , wherein the 
appropriate action comprises: 

locking the computer, upon request of a systems administrator or security officer, and 
displaying a login screen for the user to re-authenticate the user identification and password. 

39. (Original): The computer program recited in claim 31, further comprising: 

an authentication code segment to re-authenticate the user after the user login code 
segment has found a match in the one-way encrypted password contain in the computer by 
checking the user identification and password against a master password file stored in a 
computer accessible by a systems administrator or security officer. 

40. (Original): The computer program recited in claim 32, wherein the password 
management code segment attaches a master password file containing a complete user 
identifications, associated one-way encrypted passwords and associated privileges to a message, 
encrypts the message using a private key and passphrase for the system administrator or security 
officer and broadcasts the message to all users. 

41 . (Original): The computer program recited in claim 40, wherein the password 
management code segment decrypts the message using a public key associated with the private 
key, replaces the one-way encrypted password file when decryption of the message is successful 
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and reports a failure to the system administrator or security officer when the decryption is not 
successful. 
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